Study: Half of Live-Streaming Ads are Malicious

Next time you look to live-stream sports, a concert or pretty much anything online, you better proceed with caution: according to a giant study of web sites offering free live-streaming, as many as 50% of video overlay ads on those sites carry malware, or otherwise open viewers up to personal data theft and scams.

The report from Belgium’s KU Leuven-iMinds and New York’s Stony Brook University examined more than 23,000 free live-streaming sites, covering more than 5,600 domain names, and examined the ads that appeared during more than 850,000 visits, covering a full terabyte of online traffic.

What they found was online viewers were definitely accepting a trade off: the content they stream may be free, but it’s a coin flip when it comes to the ads associated with the content. Viewers are exposed to malware infections, personal data theft and scams, almost always without being aware of the cyber security breach.

“Until now, free live-streaming services have mostly been analyzed from a legal perspective. Our study is the first to quantify the security risk of using these services,” said M. Zubair Rafique, with the KU Leuven Department of Computer Science and iMinds). “We have assessed the impact of free live-streaming services on users.

“In addition to exposing numerous copyright and trademark infringements, we found that clicking on video overlay ads leads users to malware-hosting web pages in 50% of the cases.”

The scary thing for viewers: Most infringing pages are disguised to look legitimate, and trick users into downloading malware to continue viewing content. The research found that Google Chrome and Safari are more vulnerable compared to other browsers, and that the live-streaming cyber criminals will use scripts that aim to detect and defeat ad-blocker extensions.

“It’s a public secret that the [live-streaming] ecosystem is not averse to using deceptive techniques to make money from the millions of users who use their services to watch live [sport] events,” said Nick Nikiforakis with Stony Brook University. “One example is the use of malicious overlay ads, which cover the video player with fake ‘close’ buttons. When users click these buttons, they risk being exposed to malware.”